d86ec0c76a69885cae2fcc67d2a3ddcc818c6ed25c02fcfff0a1accad552de5d

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

717ecd1bf81679c9174e802a4090819d_JaffaCakes118.html
Size

141KB
MD5

717ecd1bf81679c9174e802a4090819d
SHA1

08c686e9b5225f3599accee13fc5ec43f4f38d8f
SHA256

d86ec0c76a69885cae2fcc67d2a3ddcc818c6ed25c02fcfff0a1accad552de5d
SHA512

2a722c6ef5901ed95b70ba1c8ea228dfc7bd1563eabf3013f78e9d273a72390c4705e6cf26ce58c7db9ccfeac554bcabef98364578c58083de57f3a66a28b1c0
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fczPEHAGz8Ln91icZc3L3Rp:sHrILip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
1600	msedge.exe
1600	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 4704	1600	msedge.exe	84
PID 1600 wrote to memory of 4704	1600	msedge.exe	84
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 1216	1600	msedge.exe	85
PID 1600 wrote to memory of 264	1600	msedge.exe	86
PID 1600 wrote to memory of 264	1600	msedge.exe	86
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87
PID 1600 wrote to memory of 1744	1600	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\717ecd1bf81679c9174e802a4090819d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff876c946f8,0x7ff876c94708,0x7ff876c94718
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2577528424312232422,6404825714405348763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2577528424312232422,6404825714405348763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2577528424312232422,6404825714405348763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2577528424312232422,6404825714405348763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2577528424312232422,6404825714405348763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2577528424312232422,6404825714405348763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95bd4c879ac2929df9abd1201086d4ee

SHA1
ed0965f6f35762648372afef2bc04500db975e1c

SHA256
cba1956e05f4b68f13974cc8d6851de9da047b0a1ca9e355b4dc88c0ce0ad676

SHA512
ed910ae7defd07a75cfff57e1a1f5dbb4dbbc7e53aed49993b1c0e147772032e8eb5f22596e2c1b0ca25ed2f3ce782c2c59fd73b0ea739b63264483798368022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d72d1f50a8cb22ec98d32edaddc0f37b

SHA1
08aacf3ee683c7b6a5b092e5913500c68a2fc07d

SHA256
80d264533b5f80d19b6eb5e745abd8d390487c4c1e8c7ac3550c1a893191f433

SHA512
d161548c4a45ca9f058dbd9844fa8be80f7b5306573e40d8c4d3700926d71424d9ecfe72e4aa9e972b410882329f2d1ca1ca1857719bb45590dd0866d7b28eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73cc1b9d22482b45e44d3354ab2eb448

SHA1
310ddddae477565a0e9f30b39009afa194548b9d

SHA256
ada894eaecffb6757857da14831c76bbb68fea8e1e5689928358013258137e68

SHA512
71abe23b0633089e33a4bf1ae91d0d733a5144c6e8d7bfdc79a84d921c5cb3cfcff864ecac7a236c5d4e655668f68ec8080f66cd5d6f3b806d96796cfb251406

Download Submit